openSUSE Leap vulnerabilities

1,896 known vulnerabilities affecting opensuse/leap.

Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 57
Exploited in wild: 19
Severity breakdown: CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93

Vulnerabilities

Page 18 of 95
CVE-2020-13844 | MEDIUM | CVSS 5.5 | v15.1, v15.2 | 2020-06-08
CWE-203: Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."
nvd
CVE-2020-12802 | MEDIUM | CVSS 5.3 | v15.1, v15.2 | 2020-06-08
CWE-200: LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents
nvd
CVE-2020-12803 | MEDIUM | CVSS 6.5 | v15.1 | 2020-06-08
CWE-20: ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.
nvd
CVE-2020-12723 | HIGH | CVSS 7.5 | v15.1 | 2020-06-05
CWE-120: regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
nvd
CVE-2020-10543 | HIGH | CVSS 8.2 | v15.1 | 2020-06-05
CWE-190: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
nvd
CVE-2020-10878 | HIGH | CVSS 8.6 | v15.1 | 2020-06-05
CWE-190: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
nvd
CVE-2020-13817 | HIGH | CVSS 7.4 | v15.1, v15.2 | 2020-06-04
CWE-330: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instanc
nvd
CVE-2020-13800 | MEDIUM | CVSS 6.0 | v15.2 | 2020-06-04
CWE-674: ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
nvd
CVE-2020-6493 | CRITICAL | CVSS 9.6 | v15.1 | 2020-06-03
CWE-416: Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-11080 | HIGH | CVSS 7.5 | v15.1 | 2020-06-03
CWE-707: In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vul
nvd
CVE-2020-13379 | HIGH | CVSS 8.2 | Exploited | PoC | v15.2 | 2020-06-03
CWE-918: The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid U
nvd
CVE-2020-6496 | HIGH | CVSS 8.8 | v15.1 | 2020-06-03
CWE-416: Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-6495 | MEDIUM | CVSS 6.5 | v15.1 | 2020-06-03
CWE-276: Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2019-20810 | MEDIUM | CVSS 5.5 | v15.1, v15.2 | 2020-06-03
CWE-401: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.
nvd
CVE-2020-6494 | MEDIUM | CVSS 6.5 | v15.1 | 2020-06-03
Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2020-13659 | LOW | CVSS 2.5 | v15.2 | 2020-06-02
CWE-476: address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
nvd
CVE-2020-12867 | MEDIUM | CVSS 5.5 | v15.1, v15.2 | 2020-06-01
CWE-476: A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.
nvd
CVE-2020-11086 | MEDIUM | CVSS 5.4 | v15.1 | 2020-05-29
CWE-125: In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0.
nvd
CVE-2020-11038 | MEDIUM | CVSS 5.4 | v15.1 | 2020-05-29
CWE-680: In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound
nvd
CVE-2020-11018 | MEDIUM | CVSS 6.5 | v15.1 | 2020-05-29
CWE-125: In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0.
nvd